The following error appears while installing an SSL certificate from a private CA by copying and pasting it in the Paste SSL Digital Certificate box on the VIP Enterprise Gateway under Settings > SSL Certificate.
Failed to add SSL Certificate.
Broken chain. Signature fails on [CN=xxx, DC=xxx, DC=xxx, DC=com]
The error can occur if a CSR is generated from the VIP Enterprise Gateway, then submitted to a private CA for a certificate. Or, when importing a certificate without adding the private CA chain into the VIP Enterprise Gateway.
*Note: Remember to remove old/expired root and intermediary certificates if they do not match the current SSL certificate installation, and ensure only the current root/intermediary certificates are present in Trusted CA store. Java applications attempt to use first found Root/Intermediary CA. If that does not match the serial number in the SSL certificate chain, then it may still throw this error.